U.S. Cyber Agency Questioned Over Response To Massive Health Hack
Senators asked the Cybersecurity and Infrastructure Security Agency to share details of its role in addressing the breach of Change Healthcare.
April 30, 2024
(Bloomberg) -- A trio of US senators asked the federal government’s lead cybersecurity agency to explain its response to a February ransomware attack on an insurance company that paralyzed much of the country’s health-care system.
The group, led by Senator Elizabeth Warren, a Massachusetts Democrat, on Monday asked the US Cybersecurity and Infrastructure Security Agency to share details of its role in addressing the breach of Change Healthcare, a unit of UnitedHealth Group Inc., which snarled billions of dollars of payments and saw hackers make off with patient medical data. The letter also requested a broader picture of the risk posed by ransomware and the agency’s efforts to combat it.
The senators sought information about how CISA worked with the FBI and other arms of the US government to address the hack and what information it provided to UnitedHealth about the BlackCat hacker group accused of being behind the breach. They also asked for information on the frequency and cost of such attacks, the agency’s efforts to create a warning system and what can be done to address the payment of ransoms with cryptocurrencies.
The intrusion at Change — a central node in the health-care system that carried terabytes of data for doctors, pharmacies, insurers and the government — demonstrated the way a single point of failure can compromise a nationwide industry. The attack choked the flow of billions of dollars in payments, tilting some clinics into financial peril and potentially reducing UnitedHealth’s profits by as much as $1.6 billion.
“Given the urgency of this threat, Congress must have a full accounting of the cybersecurity landscape including the events leading up to, and after, the Change cyberattack,” states the letter, which is signed by Warren, Senator Bill Cassidy, a Louisiana Republican and Senator Richard Blumenthal, a Connecticut Democrat.
A CISA spokesperson declined a request for comment.
The senators sent the letter two days before the top executive of UnitedHealth, which owns Change Healthcare, is set to face questions about the attack in House and Senate hearings.
UnitedHealth has said it paid hackers a ransom to protect patient data, though it didn’t disclose the amount.
Read more about:
Risk ManagementAbout the Author
You May Also Like